As many of our readers already know, the past few weeks have hit the crypto industry hard, with immense bearish pressure on the market causing many of the top altcoins to tumble even further.
Additionally, many altcoin enthusiasts have recently taken to social media to voice their opinions on the need for better security within this burgeoning domain.
In this regard, a brand new study released by Cryptocurrency Exchange Ratings [CER] has looked closely at the security measures taken by the world’s top 100 cryptocurrency exchanges to protect customer funds. To be more specific, the scores were devised on the basis of parameters such as:
The individual Cyber Security Score [CSS] of each platform, a metric that grades several niche security parameters on a 10-point scale.
The degree of server security provided by each exchange.
More On The Matter
Over the past 12 months, security agencies across the globe have noted that a mammoth $1.3 billion has been stolen from various cryptocurrency exchanges by miscreants.
CER collated this data using its own assessment models, which drive a set of security audits.
These audits took into consideration core security aspects such as:
Ongoing Crowdsource Security Assessment [OCSA]
To elaborate further, statistical data provided by CER shows that only “nine crypto exchanges scored above eight points out of ten” on the CSS scale. The platforms that performed best were Kraken, Coinbase Pro, Binance and BitMex. Quite surprisingly, a whole host of popular exchanges such as Bithumb, DOBI, ZBG, Coincheck, and Zaif ranked below the 90th position.
Source: Cryptocurrency Exchange Ranking
So Where Did Most Exchanges Fall Short?
A closer look at the report shows that three factors were the most worrisome for a large number of exchange platforms. These are:
The existence of bug bounty programs
DNSSEC records
HTTP security headers
Of these three, the DNSSEC records and HTTP security headers were the two aspects that directly affected the “server security” rating of most exchange platforms.
For those of our readers who may not know, DNSSEC (Domain Name System Security Extensions) adds public-key digital signatures to DNS data so that a validating resolver can ”prevent the usage of forged or manipulated DNS data”. It authenticates the records themselves rather than encrypting traffic or verifying servers, and a domain is only protected when its DNSKEY and RRSIG records are published and a DS record is placed in the parent zone to complete the chain of trust; a validating resolver then sets the AD (authenticated data) flag on answers it has verified. According to the CER study, a whopping “60% of the analyzed platforms did not possess the appropriate records for their domains.”
As far as HTTP security headers go, they are fields in the HTTP response that instruct the browser to enforce protections: for example, Content-Security-Policy restricts where scripts may be loaded from (limiting cross-site scripting), Strict-Transport-Security forces HTTPS, and X-Frame-Options prevents the page from being framed (clickjacking). When set correctly by the server, they blunt scripting and related client-side attacks.
According to the CER study, counting how many of the checked headers each exchange lacked:
59% of the exchanges were missing six to seven headers,
17% were missing four to five,
13% were missing two to three, and
11% were missing just one header.
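As an added example (not from the CER report or this article), the following Python script parses a captured HTTP response, reports which security headers are missing, flags headers that are present but weakly configured, and bands the result the way the CER figures above do. The set of seven headers is an assumption for illustration, since the report's exact list is not given here, and both sample responses are constructed.

```python
"""Audit the security headers of a raw HTTP response (added example)."""
from __future__ import annotations

import re

# Assumed set of seven security headers; CER's actual list is not published
# on this page, so this is an illustrative choice, not the report's own.
SECURITY_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-frame-options",
    "x-content-type-options",
    "referrer-policy",
    "permissions-policy",
    "x-xss-protection",
)

# Constructed sample: a typical unhardened deployment.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "Set-Cookie: session=abc; Path=/\r\n"
    "\r\n"
    "<html>...</html>\r\n"
)

# Constructed sample: all seven headers present with sane values.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self'; "
    "object-src 'none'; frame-ancestors 'none'\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Permissions-Policy: camera=(), microphone=(), geolocation=()\r\n"
    "X-XSS-Protection: 0\r\n"
    "\r\n"
    "<html>...</html>\r\n"
)


def parse_headers(raw: str) -> dict[str, str]:
    """Parse the header block into a lowercase-keyed dict.

    Skips the status line and stops at the first blank line; a repeated
    header name keeps the last value seen.
    """
    headers: dict[str, str] = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def weak_values(headers: dict[str, str]) -> list[str]:
    """Findings for headers that are present but configured weakly."""
    findings: list[str] = []
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < 15552000:  # 180 days
            findings.append("HSTS max-age below 180 days")
    csp = headers.get("content-security-policy", "")
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP allows unsafe-inline or unsafe-eval")
    xfo = headers.get("x-frame-options", "").upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options has non-standard value {xfo!r}")
    xcto = headers.get("x-content-type-options", "").lower()
    if xcto and xcto != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    return findings


def band(missing_count: int) -> str:
    """Map a count of missing headers onto the bands used in the CER figures."""
    if missing_count >= 6:
        return "6-7 missing"
    if missing_count >= 4:
        return "4-5 missing"
    if missing_count >= 2:
        return "2-3 missing"
    if missing_count == 1:
        return "1 missing"
    return "none missing"


def audit(raw: str) -> dict:
    """Full audit: missing headers, weak values and the CER-style band."""
    headers = parse_headers(raw)
    missing = [h for h in SECURITY_HEADERS if h not in headers]
    return {
        "missing": missing,
        "missing_count": len(missing),
        "weak": weak_values(headers),
        "band": band(len(missing)),
    }


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(raw))
```

Point this at a real response captured with `curl -sI` to reproduce the count-based check; the value checks matter because a header that is present but set to, say, `max-age=0` scores the same as a missing one in practice.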
Other Data Worth Considering
Of all the examined platforms, only a meager 13% ran a reliable ongoing bug bounty program.
Around 6% of the firms hosted their bug bounty programs themselves, while a further 7% used specialized platforms (such as HackenProof or Bugcrowd) for the purpose.
In closing, it is worth noting that a couple of weeks ago Cryptopia released a statement saying it had fallen victim to a security breach that cost the firm a substantial portion of its stored customer funds.
While the exchange did not reveal the amount compromised, its day-to-day operations have been put on hold until further notice.